All releases of Blosxom

Release Notes: This release fixes a cross-site scripting (XSS) flaw that allowed malicious users to inject HTML and JavaScript code into Blosxom's error page and possibly also the output of some plugins and non-default templates. (CVE-2008-2236)

Release Notes: isPermalink has been changed back to "false" for the default RSS story template because it won't be a working link in many situations. This won't change the GUID, but don't let it be used as a link anymore. The no longer working manual base URL detection code has been rewritten. It is simpler, easier to understand, and only applies if the base URL is not set manually.

Release Notes: Support for external config files and multi-instance installations via environment variables, multiple plugin directories, and configuring the plugin list in a config file have been added. The default feed templates are now in RSS 2.0 format and have GUID elements, and the announced charset encoding can be configured. Several RSS and XHTML escaping issues have been fixed, and the default HTML templates now conform to HTML 4.01. It now also works together with a broader range of CGI.pm versions.